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WHAT IS CLAIMED IS; 

1. A device information generating device 
comprising: 

a device key matrix storage unit configured to 
store a device key matrix in which device keys are 
arranged rn a two dimensional manner; and 

a device key generating unit configured to select 
one of the device keys in each one dimensional array of 
the device key matrix according to each numeral of a 
device ID, 

wherein the selected device keys and the device ID 
are the device information* 

2. The device information generating device 
according to claim 1, wherein said device key 
generating unit selects one of device keys m each row 
of the device key matrix according to each numeral of 
the device ID. 

3. A device information generating device 

comprising: 

a device key matrix storage unit configured to 
store a device key matrix in which device keys are 
arranged in a two dimensional manner; 

a device key generating unit configured to select 
one of the device keys in each one dimensional array of 
the device key matrix according ro each numeral of a 

device ID; and 

a path function calculating unit configured to 



calculate a path function value based on the selected 
device keys, the path function indicating a path of the 
device ID in a tree formed of all possible combinations 
of the numerals forming the device ID, 

wherein path function value and the device ID are 
the device information, 

4. The device information generating device 
according to claim 3, wherein said device key 
generating unit selects one of device keys in each row 
of the key matrix according to each numeral of the 
device ID. 

5, A revoke control data generating device 
comprising: 

a device key matrix storage unit configured to 
store a device key matrix in which device keys are 
arranged in a two dimensional manner; 

a device key generating device configured to 
select one of the device keys in each one dimensional 
array of the device key matrix according to each 
numeral of a device ID? 

an encrypting unit configured to encrypt the 
selected device keys by a master key; and 

a revoke control data generating unit configured 
ro generate revoke control data including an output of 
said encrypting unit and a path function indicating a 
path of the device ID to be revoked in a tree formed of 
all possible combinations of the numerals forming a 



device ID, 

6. The revoke control generating device according 
to claim 5, wherein said device key generating device 
selects one of device keys in each row of the key 
matrix according to each numeral of the device ID. 

7. A content utilizing device comprising: 

a device information storing unit configured to 
store a device information including an arrangement of 
device keys and a device ID; 

a key decrypting unit configured to receive revoke 
control data including encrypted data keys which are 
encrypted by a master key and decrypt the encrypted 
data keys to obtain the master key; and 

a content decrypting unit configured to receive 
content dara which is encrypted by the data keys and 
decrypt the encrypted content data using the master key, 
wherein if the device information is included in the 
received revoke control data, the content utilizing 
device is revoked such that the key decrypting unit 
does not obtain the master key. 

8. The content utilizing device according to 
claim 7, wherein said revoke control data comprises 

a path function indicating a path of the device ID in 
a tree formed of all possible combinations of the 
numerals forming the device ID, 

9. A device information generating method 
comprising: 



selecting one of device keys in a device key 
matrix m which device keys are arranged in a two 
dimensional manner in each one dimensional array of the 
device key matrix according ro each numeral of a device 
ID, wherein the selected device keys and the device ID 
are the device information* 

10. The device information generating method 
according to claim 9, wherein one of the device key? in 
each row of the device key matrix is selected according 
to each numeral of the device ID. 

11. A device information generating method 
comprising: 

selecting one of device keys in a device key 
matrix in which device keys are arranged in a two 
dimensional manner in each one dimensional array of the 
device key matrix according to each numeral of a device 
ID; and 

calculating a path function value based on the 
selected device keys, the path function indicating a 
path of the device ID in a tree formed of all possible 
combinations of the numerals forming the device ID/ 

wherein path function value and the device IP are 
the device information - 

12. The device information generating method 
according to claim 11, wherein one of the device keys 
in each row of the key matrix is selected according to 
each numeral of the device ID. 



13. A revoke control data generating method 
comprising: 

selecting one of device keys in a device key 
matrix in which device keys are arranged in a two 
dimensional manner in each one dimensional array of 
the device key matrix according to each numeral of 
a. device ID; 

encrypting the selected device keys by a master 
key; and 

generating revoke control data including the 
encrypted-selected device keys and a path function 
indicating a path of the device ID to be revoked in a 
tree formed of all possible combinations of the 
numerals forming a device ID, 

14. The revoke control generating method according 
to claim 13 , wherein one of the device keys in each row 
of the key matrix is selected according to each numeral 
of the device ID. 

15. A content utilizing method comprising; 
receiving revoke control data including encrypted 

data keys which are encrypted by a master key and 
decrypting the encrypted data keys to obtain the master 
key; and 

receiving content data which is encrypted by data 
keys stored in a content utilizing device and 
decrypting the encrypted content data using the master 
key/ wherein if device information formed of a device 



information including an arrangement of the device 
keys and a device ID is included in rhe received 
revoke control data, the content utilizing device is 
revoked such that the encrypted data key 5 are not 
decrypted. 

16, The content utilizing method according to 
claim 15, wherein said revoke control data comprises 
a path function indicating a path of the device ID in 
a tree formed of all possible combinations of the 
numerals forming the device ID, 

17. An article of manufacture comprising a 
computer usable medium having computer readable program 
code means embodied therein, the computer readable 
program code means comprising: 

computer readable program code means for causing a 
computer to select one of device keys in a device key 
niatrix in which device keys are arranged in a two 
dimensional manner in each one dimensional array of 
the device key matrix according to each numeral of 
a device ID; 

computer readable program code means for causing 
a computer to encrypt the selected device keys by 
a master key; and 

computer readable program code means for causing 
a computer to generate revoke control data including 
the encrypted-selected device keys and a path function 
indicating a path of the device ID to be revoked in 
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a tree formed of all possible combinations of the 
numerals forming a device ID. 
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